Tag: security
-
WordPress 3.5.2 updates security
For those using WordPress, you’ll be happy to know that version 3.5.2 has just been released with a number of fixes including SSRF ( server-side request forgery ) attacks, a number of components updated to fix XSS ( cross-site scripting ) holes and DoS ( denial of service ) attacks on WordPress’ post password protection…
-
Linkedin security issues with DNS redirection
Starting yesterday, Linkedin went offline for a period of time due to a DNS redirection problem. Essentially when going to the www.linkedin.com site, one would in actual fact be visiting an alternate site that was not actually Linkedin. This issue is generally known as DNS Hijacking. Data that may have been compromised due to users…
-
SARS e@syFile issues
e@syFile is SARS’ client tool to manage your taxes and payroll components. It can work in an off-line mode, but allows you to connect via the Internet to SARS once you are ready to submit documents. With regards to usability, the tool is pretty poor. Having followed the process myself for PAYE Reconciliation, I can…
-
ADSL Router Security in the crosshairs
It’s long been a bugbear of mine when ADSL modems are used at the perimeter of networks as the security device/firewall. Including the fact that many of these units are made to the lowest cost possible and have many vulnerabilities, they are holy unsuited to the task of providing decent security. That’s why I always…
-
A little hackathon
I recently decided to move my Joomla installation from v1.5 to 2.5, a not-inconsiderable task considering that there is no direct upgrade from 1.5. It took some time to get the Jupgrade free tool working but finally I got all my content moved across. Of course, 1.5 templates are not compatible and so started a…
-
Who is looking at who
Analysis of website usage is a huge part of understanding how to improve websites, how to give visitors a better surfing experience and how to maximise the time a visitor spends on a site ( potentially purchasing items while they are there ). SEO, or search engine optimisation, goes hand in hand with site analysis…
-
Apples can get viruses
After years of deceiving its clients, Apple has finally admitted that its products can get viruses, something most of us have known all along. The Mac maker changed the wording on its “Why you’ll love a Mac” page from stating “It doesn’t get PC viruses” to “It’s built to be safe”. The same page also…
-
A week of hacks
This week has been one massive hack; 1st LinkedIn, then eHarmony and now Last.fm. What is especially galling is that none of these companies salt their stored passwords – considering that unsalted password hashes are easily deciphered with the massive computing power available to anyone these days, this is a huge faux pas. “Salting stored…
-
Digital rights and your personal freedom
“We live in a democracy. Or so they told us.” If you take a look at democracies around the world today, you’ll find governments that behave in a completely undemocratic way. One just has to look at the lengths the US has gone to, in undermining the Bill of Rights in the pursuit of terrorism…
-
It’s phishing and pharming XMas time again!
Scammers and authors of malicious software will take any opportunity to trick users into doing something they shouldn’t – holidays are a favourite time for the scammer. At Xmas, we all have that warm and fuzzy feeling. But so do the scammers and they prey on a softening of attitudes towards security at this time…
-
Internet Explorer the safest browser – yeah right!
Microsoft has always bigged up their products using whatever mechanisms they can, including paid-for campaigns/ads and sometimes outright lying. The latest statement that IE is the most secure browser ( according to their yourbrowsermatters website ) fits into this latter category. One has to wonder how Microsoft comes about the scores provided on the site.…
-
New security issue: typo-squatting
Malware, phishing, pharming, typo-squatting, etc. There’s a long list of security issues we have to deal with every day. Keeping track of these and responding correctly in each case is a veritable minefield. That’s after our newly updated anti-virus app has completely missed the threat. Typo-squatting is the well-known practice of serving up scams or…
-
CA’s get hacked
Wow, it really has been a bad week for Certificate Authorities. First DigiNotar gets cracked by a seemingly insistent CA cracker called ComodoHacker; now GlobalSign has stopped processing certificate requests due to possible compromise by the same cracker. It all started in March this year with the Comodo CA breach. Next was StartCom the Israeli…
-
CA’s get hacked off
Earlier this year, one of the biggest names in network-based security, RSA, was hacked. What made the situation a lot worse, was RSA’s hesitance to be forthcoming on the matter. And that unwillingness to disclose seems to be the trend these days. Get hacked. Don’t tell your clients … This lack of openness is becoming…
-
The Cloud, Security and IT Skills
Seeing as everyone is writing about Cloud Computing lately, I thought I’d rehash some of my concerns about this ‘new’ technology. New in parenthesis because the idea is actually quite old, coming from the time-sharing Unix systems of the 60’s and 70’s. Cloud obviously takes this to a new level ( supposedly with non-stop availability…
